Google is updating its Android operating system to fix an issue that is believed to have left millions of smartphones and tablets vulnerable to personal data leaks.

"We recently started rolling out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," a Google spokesman said in a statement. "This fix requires no action from users and will roll out globally over the next few days."

According researchers at Germany's University of Ulm, the Android phones had a flaw that could allow hackers to steal a user's personal data.

"The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data," Ulm researchers Bastian K?nings, Jens Nickels and Florian Schaub wrote in their report.

The flaw affected 99.7% of all Android smartphones and was not limited to Google Calendar and contacts, "but is theoretically feasible with all Google services," the University of Ulm said.

Among the weaknesses mentioned in the report was ClientLogin, which is Android's system to authenticate apps.